incransom
Ransomware group profile
459Victims
RussiaSource country
110Impact score
Also Known As
GOLD IONIC
Description
INC Ransom is a sophisticated ransomware group active since July 2023, known for their double extortion tactics that involve not only encrypting data but also threatening to leak sensitive information. They target a variety of high-profile sectors, including healthcare and education, leveraging advanced techniques to infiltrate systems and maximize impact.
Key insights
- •Employs double extortion tactics to maximize leverage on victims.
- •Targets critical infrastructure sectors, including healthcare and public administration.
- •Utilizes advanced techniques like spear-phishing and RDP exploitation for initial access.
- •Custom ransomware employs AES-128 encryption with multi-threading to hinder recovery.
- •Effective in evading detection through legitimate process usage and security feature manipulation.
- •Cryptocurrency is the primary payment method for ransom demands.
Threat Level & Status Breakdown
For incransom · Based on incidents in selected period
4.3threat level
Aggressiveness10/ 10
Lethality0.3/ 10
Criticality2.4/ 10
Status Breakdown
Data Leaked4.8%22
Negotiating0.4%2
Claimed94.8%435
First seenJun 2025
Last seenJun 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 18, 2026
Recent activity
Monthly attack count for incransom in the selected period
459Total attacks
49peak in Jan
35.3avg / month
↑ 9 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for incransom
- a53a9ca8a074c7108f8412c3f8c1fc5d
- 77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
- 9db958bc5b4a21340ceeeb8c36873aa6bd02a460e688de56ccbba945384b1926
- 7f37351979c249417cb180b4ede0ed17e5fe2a1f08add4d72606b589f8fdb245
- 3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
- 7007cf53bcd0083baba202d8ac2d9070
- 25b9fdef3061c7dfea744830774ca0e289dba7c14be85f0d4695d382763b409b
- 01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd
- fcefe50ed02c8d315272a94f860451bfd3d86fa6ffac215e69dfa26a7a5deced
- a98dcdee82f6066a4cf2f9d7d161a1bacec8f81d
- 9218e2c37c339527736cdc9d9aad88de728931a3
- d1038be644a0da3ba05922fa27db4167a6e17451
- 1e074d9dca6ef0edd24afb2d13ca4429def5fc5486cd4170c989ef60efd0bbb0
- 60aeb9f7bccf377ff02ed64783e66a62c0f976878d9729b067bc7e5b0b9da9d6
- 5cc212f84d2bf3fbab165aaf09b16e00fcf2f1ccd880d24b14404c53dcdbf241
- a2b1c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2
- 75612233d32768186d0557dd39abbbd3284a2a29
- 5fda381a9884f7be2d57b8a290f389578a9d2f63e2ecb98bd773248a7eb99fa2
- 0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5
- 6cd349eda0fa6c8b274a0920852c68f8b727afea1fdbc69ad183cef05d9cf141
- f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429
- e502b8d617a2cd9bfa41762282a0ff81
- 3403b92056d7645acfb7236824cc58b15e4d5395
- 2833c82055bf2d29c65cd9cf6684449a
- fd452da0d978514adaeee1dd5227212aad00bf07f2481d335eed77a4ee08a5e8
- 7a96d9f7a25a67ec2873bb814cb0ba104d3b7c1651f65ff09d8e1f76cba6fb79
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for incransom
CVE-2025-5777
CVE-2025-53770
CVE-2025-49706
CVE-2025-49704
CVE-2024-57727
CVE-2023-4966
CVE-2023-3519
CVE-2019-18935
Other
T1486
T1486
T1490
T1490
T1078
T1078
T1021
T1021
T1562
T1562
T1555
T1555
T1059
T1059
T1071
T1071
T1068
T1068
T1210
T1210
T1021.001
T1021.001
Victims(200)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Horizon Family Medical Group | — | US United States | Healthcare | Claimed | 1 day ago | |
| neuwoges.de | neuwoges.de | DE Germany | Other | Claimed | 2 days ago | |
| jasperplastics.info | jasperplastics.info | US United States | Manufacturing | Claimed | 3 days ago | |
| framesiprofessional.com | framesiprofessional.com | US United States | Professional Services | Claimed | 3 days ago | |
| smithassociatescpa.com | smithassociatescpa.com | US United States | Professional Services | Claimed | 4 days ago | |
| DISCOLABINDU | — | FR France | Hospitality | Claimed | 8 days ago | |
| fineconsulting | — | RO Romania | Professional Services | Claimed | 8 days ago | |
| Signazon_USA | — | US United States | Technology | Claimed | 8 days ago | |
| Kewaunee Scientific | — | US United States | Manufacturing | Claimed | 8 days ago | |
| FIZA | — | CZ Czech Republic | Healthcare | Claimed | 9 days ago | |
| kelmreuter.com | kelmreuter.com | US United States | Professional Services | Claimed | 13 days ago | |
| obrieneng.com | obrieneng.com | US United States | Other | Claimed | 14 days ago | |
| Stuga Machinery | — | GB United Kingdom | Manufacturing | Claimed | 15 days ago | |
| pdcbodynits | — | SG Singapore | Manufacturing | Claimed | 15 days ago | |
| CUSTOMSIGN | — | US United States | Professional Services | Claimed | 16 days ago | |
| Oztugotomotiv | — | TR Turkey | Manufacturing | Claimed | 16 days ago | |
| Champaign-Urbana Public Health District | — | US United States | Government & Defense | Claimed | 18 days ago | |
| trrac.net | trrac.net | US United States | Transportation | Claimed | 17 days ago | |
| Bradley law firm | — | US United States | Professional Services | Claimed | 18 days ago | |
| Colina Financial Advisors | — | BS Bahamas | Financial Services | Data Leaked | 16 days ago |
Page 1 of 10
Affected countries(75)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇷Argentina🇦🇹Austria🇦🇺Australia🇧🇪Belgium🇧🇯Benin🇧🇷Brazil🇨🇦CanadaCongo, the Democratic Republic of the🇨🇭SwitzerlandCôte d'Ivoire🇨🇱Chile🇨🇲Cameroon🇨🇳China🇨🇴Colombia🇨🇷Costa Rica🇨🇾Cyprus🇨🇿Czech Republic🇩🇪Germany🇩🇴Dominican Republic🇩🇿Algeria🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇬🇪Georgia🇬🇷Greece🇭🇰Hong Kong🇭🇹Haiti🇭🇺Hungary🇮🇩Indonesia🇮🇪Ireland🇮🇱Israel🇮🇳IndiaIran, Islamic Republic of🇮🇹Italy🇯🇲Jamaica🇯🇵Japan🇰🇭CambodiaKorea, Republic of🇰🇼Kuwait🇲🇲Myanmar🇲🇹Malta🇲🇽Mexico🇲🇾Malaysia🇳🇦Namibia🇳🇬Nigeria🇳🇱Netherlands🇳🇿New Zealand🇵🇦Panama🇵🇪Peru🇵🇭Philippines🇵🇰Pakistan🇵🇹Portugal🇵🇾Paraguay🇶🇦Qatar🇷🇴Romania🇷🇸SerbiaRussian Federation🇸🇦Saudi Arabia🇸🇨Seychelles🇸🇪Sweden🇸🇬Singapore🇸🇰Slovakia🇸🇱Sierra Leone🇸🇳Senegal🇹🇭Thailand🇹🇳Tunisia🇹🇴Tonga🇹🇷TurkeyTaiwan, Province of China🇺🇸United StatesVenezuela, Bolivarian Republic of🇻🇳Vietnam🇿🇦South Africa🇿🇲Zambia